The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned
the following names to these issues:

CAN-2003-0854 ls in the fileutils or coreutils packages allows
local users to consume a large amount of memory via a large -w
value, which can be remotely exploited via applications that use
ls, such as wu-ftpd.

CAN-2003-0853 An integer overflow in ls in the fileutils or
coreutils packages may allow local users to cause a denial of
service or execute arbitrary code via a large -w value, which could
be remotely exploited via applications that use ls, such as
wu-ftpd.

2. Vulnerable Supported Versions

System                         Package

OpenLinux 3.1.1 Server         prior to fileutils-4.1-6.i386.rpm

OpenLinux 3.1.1 Workstation    prior to fileutils-4.1-6.i386.rpm

3. Solution

The proper solution is to install the latest packages.
Many customers find it easier to use the Caldera System Updater,
called cupdate (or kcupdate under the KDE environment), to update
these packages rather than downloading and installing them by
hand.
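
To confirm whether a host still carries a build in the vulnerable range above, the following shell sketch compares a VERSION-RELEASE string against the fixed fileutils-4.1-6 build. It is an added example, not part of the SCO advisory; the function names are hypothetical, and it assumes purely numeric version and release fields with no RPM epoch.

```shell
#!/bin/sh
# Fixed build named in the advisory: fileutils-4.1-6
FIXED_VERSION=4.1
FIXED_RELEASE=6

# ver_lt A B: succeed if dotted numeric string A sorts before B,
# comparing field by field as integers (so 4.10 is newer than 4.9).
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1   # equal, so not "less than"
}

# fileutils_status VR: print "vulnerable" (prior to 4.1-6), "patched"
# (at or after 4.1-6) or "unknown" (empty or non-numeric input, which
# is never guessed at) for a VERSION-RELEASE string such as "4.1-5".
fileutils_status() {
    case $1 in
        ''|*[!0-9.-]*|-*|*-|*-*-*) echo unknown; return 0 ;;
        *-*) ;;
        *) echo unknown; return 0 ;;
    esac
    v=${1%-*} r=${1#*-}
    if ver_lt "$v" "$FIXED_VERSION"; then echo vulnerable
    elif ver_lt "$FIXED_VERSION" "$v"; then echo patched
    elif ver_lt "$r" "$FIXED_RELEASE"; then echo vulnerable
    else echo patched
    fi
}

# On an RPM-based host, report on the installed package.
if command -v rpm >/dev/null 2>&1; then
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' fileutils 2>/dev/null) || vr=
    echo "fileutils ${vr:-not installed}: $(fileutils_status "$vr")"
fi
```

An "unknown" result means the string did not fit the numeric assumption and the package should be inspected by hand.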

SCO is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO
products.

8. Acknowledgements

SCO would like to thank Georgi Guninski
